Nvidia Shield can't connect to new router with OpenWRT

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi folks,

I've got a flint 2 router with the official OpenWRT image flashed (not the GLiNet version).

I've finished setting up my network, vlans, and routing, but my Nvidia Shield has the same behavior when making a wired or wireless connection - it connects to the network, receives an IP, and then the devices complains that it's "not connected to the internet". I can see the device listed in LUCI, but can't ping it from another machine on the same vlan. I can successfully ping other devices on the same vlan.

This happens with any cable/port/wifi combination.

I can successfully connect to all ports with the same cat6 cable and my laptop.
Multiple other devices are connected to the wireless networks without issue.

To top it all off, I can disable my phone data, connect only to my wifi, and create a hotspot, and the Nvidia Shield connects to it without issue.

I've tried a few things after spending some time reading up on common Nvidia Shield troubleshooting issues, but I'm at a loss, none of these has worked:

  • disabled IPV6 for the device and interface.
  • power cycled the router
  • power cycled the nvidia shield
  • switched out all cables
  • changing out the DNS used by the vlan

Given this works with my old (Ubiquiti) router, I'm fairly certain it's not a hardware issue and might be something different in the defaults between Ubiquiti and OpenWRT?

I dunno, y'all have any suggestions?

DHCP

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'home'
        option interface 'home'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'wiguest'
        option interface 'wiguest'
        option start '100'
        option limit '150'
        option leasetime '12h'

Firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'home'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'home'

config rule
        option src 'home'
        option name 'Home DHCP, DNS, and PING'
        option dest_port '53 67 68'
        option target 'ACCEPT'
        option family 'ipv4'
        list proto 'tcp'
        list proto 'udp'
        list proto 'icmp'

config zone
        option name 'guest'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'wiguest'

config forwarding
        option src 'guest'
        option dest 'wan'

config rule
        option src 'guest'
        option name 'Guest DHCP, DNS, and PING'
        option dest_port '53 67 68'
        option target 'ACCEPT'
        list proto 'tcp'
        list proto 'udp'
        list proto 'icmp'

config forwarding
        option src 'home'
        option dest 'wan'

Network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        option ipv6 '0'

config device
        option name 'lan1'
        option ipv6 '0'

config device
        option name 'lan2'
        option ipv6 '0'

config device
        option name 'lan3'
        option ipv6 '0'

config device
        option name 'lan4'
        option ipv6 '0'

config device
        option name 'lan5'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1.201'
        option proto 'pppoe'
        option username ''
        option password ''
        option ipv6 'auto'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1:t'
        list ports 'lan2:t'
        list ports 'lan3:t'
        list ports 'lan4:t'
        list ports 'lan5:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1'
        list ports 'lan2:t'
        list ports 'lan3:t'
        list ports 'lan4:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '130'
        list ports 'lan1:t'
        list ports 'lan2:t'
        list ports 'lan3:t'
        list ports 'lan4:t'

config interface 'home'
        option device 'br-lan.10'
        option proto 'static'
        option ipaddr '192.168.10.0'
        option netmask '255.255.255.0'
        option delegate '0'
        list dns '1.1.1.1'
        list dns '1.0.0.1'

config interface 'wiguest'
        option device 'br-lan.130'
        option proto 'static'
        option ipaddr '192.168.130.0'
        option netmask '255.255.255.0'

config device
        option name 'br-lan.10'
        option type '8021q'
        option ifname 'br-lan'
        option vid '10'
        option ipv6 '0'

config device
        option name 'br-lan.1'
        option type '8021q'
        option ifname 'br-lan'
        option vid '1'
        option ipv6 '0'


config device
        option name 'br-lan.130'
        option type '8021q'
        option ifname 'br-lan'
        option vid '130'
        option ipv6 '0'

config device
        option name 'phy0-ap0'
        option ipv6 '0'

config device
        option name 'phy1-ap0'
        option ipv6 '0'

Wireless

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel '36'
        option cell_density '0'
        option htmode 'HE80'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid ''
        option encryption 'psk2'
        option isolate '1'
        option key ''
        option network 'wiguest'
2

You've got some errors:

the addresses below are invalid. Change them to the .1 address:

Some cleanup to do:
Delete all of this:

And if your intent is that VLAN 10 will be untagged on port lan1, make that explicit by adding :u* to that port:

Restart and then test again by connecting the shield to port lan5 (for the lan network) or port lan1 (for the home network). The other ports don't have any untagged networks associated.

Do you really want to have ports 1-4 setup as trunks? What is your desired port-VLAN membership?

1 Like
3

To be clear, the netmask is OK, just fix the ipaddr sections with .0 as the last octets.

1 Like
4

Thanks all, I can't believe I missed that .0 / .1 typo. That definitely took care of the main issue.

Do you really want to have ports 1-4 setup as trunks? What is your desired port-VLAN membership?

@psherman, probably not, thanks for the advice. I opened an earlier topic that outlines my full goals here: OpenWrt 24.10.1 - Help with configuring wired VLAN per port

I'm grateful for any input or suggestions you have. Thanks!

1 Like
5

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.